In response to increased financial fraud issues, the Ohio Division of Financial Institutions (DFI) recently issued data security guidelines. While the DFI specifically addressed debit card issues, its language indicates expectations for all institutions, requiring active steps to implement data security measures.

The DFI emphasized the following obligations:

  • Daily review of security-related issues
  • Email security and encryption
  • Timely review of security and activity reports
  • Suspicious activity report (SAR) training
  • Standardized security controls
  • After hours mechanisms to control suspicious activity

At its Ohio Banker’s Day on March 31, 2016, the DFI spent considerable time discussing financial fraud. It is apparent that further guidelines and bulletins will be forthcoming and will apply to all consumer-related activity, including lending. In light of its supervisory bulletin, verbal statements and the Consumer Financial Protection Bureau’s recent order in Dwolla, it is expected that data security will be a priority item in any future Ohio financial institution examinations.